Cleartext storage of sensitive information in Redgate SQL Change Automation

#VU24348 Cleartext storage of sensitive information in Redgate SQL Change Automation

Published: 2020-01-16

Vulnerability identifier: #VU24348

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2095

CWE-ID: CWE-312

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Redgate SQL Change Automation
Web applications / Modules and components for CMS

Vendor: Jenkins

Description

The vulnerability allows a remote user to view the password on the target system.

The vulnerability exists due to the affected software stores a NuGet API key unencrypted in job "config.xml" files as part of its configuration. A remote user with Extended Read permission or access to the master file system can obtain these credentials.

This is due to an incomplete fix of CVE-2019-1655 (SB2019121820)

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Redgate SQL Change Automation: 1.0.1 - 2.0.4

External links
http://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Cleartext storage of sensitive information in Jenkins Redgate SQL Change Automation Plugin